Session variable


markbett

On my site, when a user logs in, a number of session variables are set for them:

[code]
   if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
         $_SESSION['login'] = true;
         $_SESSION['userid'] = $row['id'];
         $_SESSION['first_name'] = $row['first_name'];
         $_SESSION['last_name']  = $row['last_name'];
         $_SESSION['email_address'] = $row['email_address'];
         $_SESSION['username'] = $row['username'];
         $_SESSION['cid'] = $row['cart_id'];
         setcookie('cid', $unique_cid, time()+24*3600*60);
         //security for sess hijack//
         $_SESSION['user']->fingerprint = md5($_SERVER['HTTP_USER_AGENT']);
[/code]
as you can see in the code

Additionally, in my code I set
[code]session_start();
session_name('SBQA');
header("Cache-control: private"); // Fix for IE
[/code]
before I spit anything out.

The problem I am having is when you are logged in ( http://www.mygaysf.com/sbqa  you can log in using phpfreaks / password ) you will see that it correctly knows that your first name is "PHP Freaks".

Now if you click on, let's say, the 15th in the calendar, then VIEW EVENT,
if you select the EVENT HOST's name (a link so you will be able to send them a message) you will see that it has now changed your name in the welcome box.  There is NOTHING that should be resetting this session variable....

that code is simply:
[code]<?php
if($_SESSION['login'] == true){
   // show logout hyperlinks
   echo 'Welcome</td></tr><tr><td>- Welcome '.$_SESSION['first_name'].' to the SBQA website. Click '.$nav_class.'../sbqa/logout.php">HERE</a> to end your session and log out.<br />';
   if($_SESSION['useradmin'] != TRUE){
      echo  '</td></tr></table>';[/code]

Also, on the next page it has changed who you are (the FROM box).

I only set the session variable FIRST NAME one time when you log in... the only change I do make is on the event view page, where I do add a session variable so that I can determine who the event host is for the last event they viewed, but that should not have any effect on this at all as that code is simply:

[code] //we set variables here for the contacts

$_SESSION['host_name']= $event_host;
$_SESSION['host_email']= $host_email;
$_SESSION['subject']= "Re: SBQA Event ".$title;[/code]

so WHY oh why is this happening to me??

So you can see the session variable change there, but there is NOTHING in the code that I can see that is doing that... the code for the page is:
[code]
<?php
include $_SERVER['DOCUMENT_ROOT'].'/sbqa/layout2.php';

$req = (!isset($_REQUEST['req'])) ? 'default' : $_REQUEST['req'];
switch($req){

case "view_day":
$time = mysql_real_escape_string($_GET['date']);
if($time<1){
$time=time();
}
$today = date('j',$time);
//myheader("smile");
include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/day_view.htm';
footer();
break;

case "view_event":
$event_id=mysql_real_escape_string($_GET['event_id']);
$sql = mysql_query("SELECT * FROM events, organisers WHERE
event_id ='{$event_id}' AND events.event_org = organisers.org_id")
or die (mysql_error());
if(!$sql){
        echo 'Error getting event information: '.
              mysql_error();
      } else {
while($row = mysql_fetch_array($sql)){
stripslashes(extract($row));
$start_time = strtotime($start_time);
$stop_time = strtotime($stop_time);
$rsvp_close = strtotime($rsvp_close);
$start=date('l, M. j g:i A', $start_time);
$stop=date('l, M. j g:i A', $stop_time);
$rsvp=date('l, M. j g:i A', $rsvp_close);
$address_url = '<a href="http://maps.google.com/maps?q='.$address.'" target="_blank">&nbsp;<img src="'.$_SERVER['SITE_ROOT'].'/sbqa/images/map.jpg" width="30" height="15">&nbsp;&nbsp;'.$location.'</a>';

//set the open to variable
if($open_to=='0'){
$open_to='Everyone';
}elseif($open_to=='1'){
$open_to='Members Only';
}elseif($open_to=='2'){
$open_to='Members and Invited Guests';
}elseif($open_to=='3'){
$open_to='Invitation Only';
}elseif($open_to=='4'){
$open_to='Asian Members Only';
}elseif($open_to=='5'){
$open_to='All Asians';
}else{
$open_to='An Error Occured';
}
//determine if the event is full
if($max_cap=='0'){
$space_avail="This event does not have an attendance limit.";
}else{
if(($max_cap-$attending)<='0'){
$space_avail="This event is full.";
}else{
$space_avail="There are currently ".($max_cap-$attending)." spaces left.";
}
}
//determine if the waiting list is full
if($max_cap=='0'){
$wait_avail="This event does not have a waiting list.";
}else{
if(($max_cap+$wait_list-$attending)<='0'){
$wait_avail="There is no room on the waiting list for this event.";
}else{
If($max_cap<$attending){
$wait_avail="There are currently ".($max_cap+$wait_list-$attending)." spaces left on the waiting list.";
}else{
$wait_avail="There are currently ".$wait_list." spaces left on the waiting list.";
}
}
}
//deadline text
if($rsvp_close>=time()){
$rsvp_countdown= round(($rsvp_close-time())/86400);
if($rsvp_countdown>1){
$rsvp_text="Make sure you get in on this event while you can.  There are only ".$rsvp_countdown." days left to RSVP to this event.";
}else{
$rsvp_text="There is not much time left at all to RSVP to this event.  You need to act quickly";
}
}else{
$rsvp_text="Unfortunately the deadline to RSVP to this event has passed.  Contact the event host if need further assistance.";
}

//create the attendance list
if($attend_vis == 1){
$attend_list="This event does not have a public attendance list";
}elseif($attend_vis == 0){
$sql=@mysql_query("SELECT name, guest_of, user_id FROM event_rsvp
WHERE event_id = '$event_id' ORDER BY rsvp_id ASC") or die (mysql_error());
if(!$sql){
echo 'Error getting event information: '.mysql_error();
} else {
  while($row = mysql_fetch_array($sql)){
    stripslashes(extract($row));
If(isset($user_id)){
$attend_list.= $name."<br />";
}else{
$attend_list.=  "- Guest of ".$guest_of."<br />";
}
}
}
}else{
$attend_list='An Error Occured';
}

//determine the event host's name
$sql = mysql_query("SELECT first_name, last_name, email_address AS host_email FROM users WHERE
id ='$event_host'")
//id ='15'")//
or die (mysql_error());
if(!$sql){
        echo 'Error getting determining event host: '.
              mysql_error();
      } else {
while($row = mysql_fetch_array($sql)){
stripslashes(extract($row));
$event_host = $first_name.' '.$last_name;
}
}

//we set variables here for the contacts

$_SESSION['host_name']= $event_host;
$_SESSION['host_email']= $host_email;
$_SESSION['subject']= "Re: SBQA Event ".$title;

//the form where all data is dumped
include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/event_view.htm';
}
}
footer();
break;

default:
    //myheader("smile");
include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/6_month.htm';
footer();
break;

/*


include $_SERVER['DOCUMENT_ROOT'].'/sbqa/html/day_view.htm';
footer();*/
}
?>
[/code]

The ONLY thing that could possibly make sense is that the SQL query that runs on that page, which returns variables with the same names as those that were set in the session way back, is what is causing it to change, but it shouldn't because....

[code]case "validate":
//ensure they are not already logged in//
if($_SESSION['login'] != TRUE){

$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
    $validate = mysql_query("SELECT * FROM users
                          WHERE username='$username'
                          AND password = md5('$password')
                          AND verified='1'  AND disabled='0'
                          ") or die (mysql_error());
                         
  if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
        $_SESSION['login'] = true;
        $_SESSION['userid'] = $row['id'];
        $_SESSION['first_name'] = $row['first_name'];
        $_SESSION['last_name']  = $row['last_name'];
        $_SESSION['email_address'] = $row['email_address'];
        $_SESSION['username'] = $row['username'];
        $_SESSION['cid'] = $row['cart_id'];
        setcookie('cid', $unique_cid, time()+24*3600*60);
[/code]

It shouldn't ever set those variables unless you aren't logged in, and the session id never changes.

Thanks, looks like sessions are getting crossed somehow.  Can you also echo phpsessid();

I noticed it changed in the session as well.  That helps a bit.  I also noticed that all of your variables are & variables.  I don't know if this is normal or what it means (well, I do know that it is a pass by reference, but I don't know if that always happens in a var_dump($_SESSION); or not).  I'm looking into that. 

Can you also echo session_id();

That should stay the same throughout. 
I noticed that the username changes when you go to a page with another user's name on it.  Are you setting $_SESSION['firstname'] on every page?
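Added example (not part of any post in this thread): one mechanism consistent with the symptoms reported above, namely the `&` markers in `var_dump($_SESSION)` and `extract($row)` being called on rows whose column names match session keys. It assumes session entries are bound by reference to same-named variables, as `register_globals` did on old PHP, which the thread does not confirm; a local array stands in for `$_SESSION`, and the row and function names are constructed.

```php
<?php
// Constructed row standing in for the event-host lookup on the users table.
$hostRow = ['first_name' => 'Event', 'last_name' => 'Host',
            'host_email' => 'host@example.test'];

// Constructed session contents for the logged-in visitor.
function fresh_session(): array
{
    return ['login' => true, 'first_name' => 'PHP Freaks', 'last_name' => 'Tester'];
}

// Pattern from the thread: same-named variables are references into the
// session (simulated here), then extract() imports the row's columns.
function view_event_with_extract(array &$session, array $row): string
{
    $first_name = &$session['first_name'];  // simulated register_globals binding
    $last_name  = &$session['last_name'];
    extract($row);                          // default EXTR_OVERWRITE writes through
    return $first_name . ' ' . $last_name;  // host name for the page
}

// Hardened form: read columns from the row array, so no column name can
// collide with a variable that aliases session data.
function view_event_with_row(array &$session, array $row): string
{
    $first_name = &$session['first_name'];  // binding still present, never written
    $last_name  = &$session['last_name'];
    return $row['first_name'] . ' ' . $row['last_name'];
}

$s1 = fresh_session();
$host = view_event_with_extract($s1, $hostRow);
echo "extract():  host=$host | welcome name={$s1['first_name']}\n";

$s2 = fresh_session();
$host = view_event_with_row($s2, $hostRow);
echo "row access: host=$host | welcome name={$s2['first_name']}\n";
```

In the posted host query, `first_name` and `last_name` share their names with session keys, while the e-mail column is aliased to `host_email`. `register_globals` was removed in PHP 5.4; on servers where it is still enabled, turning it off removes the binding itself.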

I added [code]if($_SESSION['login'] != TRUE){
echo "i ran again cause i suck";
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);[/code] to make sure that the session isn't being set every time a page changes and those variables are only being set by that script a single time (because I don't see the i ran again message)